|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-devel] [PATCH 7/7] x86/mm: Prevent 32bit PV guests using out-of-range linear addresses
The grant ABI uses 64 bit values, and allows a PV guest to specify linear
addresses. There is nothing interesting a 32bit PV guest can reference which
will pass an __addr_ok() check, but it should still get an error for trying.
Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
---
CC: Jan Beulich <JBeulich@xxxxxxxx>
---
xen/arch/x86/mm.c | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
diff --git a/xen/arch/x86/mm.c b/xen/arch/x86/mm.c
index 1a8ad42..edf8fdf 100644
--- a/xen/arch/x86/mm.c
+++ b/xen/arch/x86/mm.c
@@ -3864,6 +3864,10 @@ int create_grant_pv_mapping(uint64_t addr, unsigned long
frame,
}
else
{
+ /* Guest trying to pass an out-of-range linear address? */
+ if ( is_pv_32bit_domain(currd) && addr != (uint32_t)addr )
+ goto out;
+
pl1e = map_guest_l1e(addr, &gl1mfn);
if ( !pl1e )
@@ -4008,6 +4012,19 @@ int replace_grant_pv_mapping(uint64_t addr, unsigned
long frame,
}
else
{
+ if ( is_pv_32bit_domain(currd) )
+ {
+ if ( addr != (uint32_t)addr )
+ {
+ ASSERT_UNREACHABLE();
+ goto out;
+ }
+
+ /* Guest trying to pass an out-of-range linear address? */
+ if ( new_addr != (uint32_t)new_addr )
+ goto out;
+ }
+
if ( new_addr && !steal_linear_address(new_addr, &nl1e) )
goto out;
--
2.1.4
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |